正在从ActiveDirectory检索用户帐户过期

您可以使用System.DirectoryServices.AccountManagement命名空间来完成此任务。从PrincipalContext获得UserPrincipal后，就可以检查UserPrincipal.AccountExpirationDate属性。

PrincipalContext context = new PrincipalContext(ContextType.Domain);
UserPrincipal p = UserPrincipal.FindByIdentity(context, "Domain''User Name");
if (p.AccountExpirationDate.HasValue)
{
    DateTime expiration = p.AccountExpirationDate.Value.ToLocalTime();
}

如果确实想要使用DirectoryEntry，请执行以下操作：

//assume 'user' is DirectoryEntry representing user to check
DateTime expires = DateTime.FromFileTime(GetInt64(user, "accountExpires"));
private Int64 GetInt64(DirectoryEntry entry, string attr)
{
    //we will use the marshaling behavior of the searcher
    DirectorySearcher ds = new DirectorySearcher(
    entry,
    String.Format("({0}=*)", attr),
    new string[] { attr },
    SearchScope.Base
    );
    SearchResult sr = ds.FindOne();
    if (sr != null)
    {
        if (sr.Properties.Contains(attr))
        {
            return (Int64)sr.Properties[attr][0];
        }
    }
    return -1;
}

解析accountExpires值的另一种方法是使用反射：

private static long ConvertLargeIntegerToLong(object largeInteger)
{
    Type type = largeInteger.GetType();
    int highPart = (int)type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
    int lowPart = (int)type.InvokeMember("LowPart", BindingFlags.GetProperty | BindingFlags.Public, null, largeInteger, null);
    return (long)highPart <<32 | (uint)lowPart;
}
object accountExpires = DirectoryEntryHelper.GetAdObjectProperty(directoryEntry, "accountExpires");
var asLong = ConvertLargeIntegerToLong(accountExpires);
if (asLong == long.MaxValue || asLong <= 0 || DateTime.MaxValue.ToFileTime() <= asLong)
{
    return DateTime.MaxValue;
}
else
{
    return DateTime.FromFileTimeUtc(asLong);
}